Penetration Testing: Re: watchguard firewall

[suntzu <oonix () unixfoo org>]

On Sun, 1 Jul 2001, Penetration Testing wrote:

> On Fri, 29 Jun 2001, suntzu wrote:
> > Has anyone successfully obtained a single user mode status on a watchgaurd
> > firewall box?
> You would have your work cut out for you.  Although they run a cut down
> linux operating system, I think it is pretty much butchered, and I would
> not be too surprised if there is no shell installed.
It really didnt look like it.
I hooked up a laptop to the console port and tried to boot into single
user mode but there was no such option that I was aware of.
 
> There is certainly no interactive login mechanism enabled by default.  To
> break one, I am guessing that you would need to buffer overflow some of
> their firewalling code and then install your own listener and shell -
> maybe netcat and a statically compiled /bin/sh.  
How would one initially setup the password from the console?


> Is there anybody on list who has pulled the flash disk out of a firebox
> and mounted it on another system?
I may be able too in a few weeks , since we sold them a new firewall and
that firewall is just lying around collecting dust.
I will keep the list posted if I do get to aquire this hardware. :)


I thank everyone for their taking time to respond.


-s
 
> Dave Taylor

--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/